Chrome gets more stable, more secure Flash plug-in

Flash may be on its way out in the mobile world, but it's still going strong on the PC. Now, Google says the version of the Flash plug-in built into its Chrome web browser has gotten even better. The plug-in has been ported to a new plug-in architecture that allows an "even deeper level of sandbox protection," the company says. The change should translate into not just better security, but also improved stability and performance.

Windows Flash is now inside a sandbox that’s as strong as Chrome’s native sandbox, and dramatically more robust than anything else available. And for the first time ever, Windows XP users (specifically, over 100 million Chrome users) have a sandboxed Flash—which is critical given the absence of OS support for security features like ASLR and integrity levels.

Beyond the security benefits, PPAPI has allowed us to move plug-ins forward in numerous other ways. By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%. We can also composite Flash content on the GPU, allowing faster rendering and smooth scrolling (with more improvements to come). And because PPAPI doesn’t let the OS bleed through, it’s the only way to use all Flash features on any site in Windows 8 Metro mode.

You can try the new-and-improved Flash plug-in for yourself in Chrome 21, which quietly rolled out to Chrome users last week. Those who haven't converted can download the browser here.

I haven't noticed many differences with the new Flash plug-in, except that, oddly enough, the full-screen function in YouTube now always snaps to my primary monitor, even when the video was playing on my secondary display. Adobe ironed out that problem way back in February 2011, when it added proper multi-monitor full-screen support. I guess the latest version of the plug-in must have rolled back the change somehow. Weird. (Thanks to The Verge for the heads up.)